Mastodons On Parade

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

5810

Abstract

div id="2fc2"><pre>npm install express express-session keycloak-connect nodemon</pre></div><h2 id="592f">Define main execution file — app.js</h2>Add a file named app.js at the root level of your secure-express-service project.Define imports and express app<div id="54ca"><pre>// file - app.js

const express = require('express'); const session = require("express-session"); const Keycloak = require("keycloak-connect");

const app = express(); const PORT = 3000;

...</pre></div>Setup Keycloak Middleware<div id="cefb"><pre>// file - app.js

...

const USER_ROLE = process.env.USER_ROLE || 'express-user'; const ADMIN_ROLE = process.env.ADMIN_ROLE || 'express-admin';

const kcConfig = { clientId: process.env.AUTH_CLIENT_ID || 'secure-express-service', bearerOnly: true, serverUrl: process.env.AUTH_SERVER || 'http://localhost:8080', realm: process.env.AUTH_REALM || 'master' };

const memoryStore = new session.MemoryStore();

Keycloak.prototype.accessDenied = function (request, response) { response.status(401) response.setHeader('Content-Type', 'application/json') response.end(JSON.stringify({ status: 401, message: 'Unauthorized/Forbidden', result: { errorCode: 'ERR-401', errorMessage: 'Unauthorized/Forbidden' } })) }

const keycloak = new Keycloak({ store: memoryStore }, kcConfig);

function adminOnly(token, request) { return token.hasRole(realm:${ADMIN_ROLE}); }

function isAuthenticated(token, request) { return token.hasRole(realm:${ADMIN_ROLE}) || token.hasRole(realm:${USER_ROLE}); }

app.use(session({ secret: process.env.APP_SECRET || 'BV&%R*BD66JH', resave: false, saveUninitialized: true, store: memoryStore }));

app.use( keycloak.middleware() );

...</pre></div>Setup REST endpoint and server<div id="5fc0"><pre>app.get('/public', (req, res) => { res.status(200).send({ <span class="hljs-string

Options

">'message': "This is a public enpoint which can be accessed by anonymous users", }); })

app.get('/secured', [keycloak.protect(isAuthenticated)], (req, res) => { res.status(200).send({ 'message': "This is a secured enpoint which can be accessed by any authenticated user", }); })

app.get('/secured-admin', [keycloak.protect(adminOnly)], (req, res) => { res.status(200).send({ 'message': "This is a secured enpoint which can be accessed only by any authenticated user with role admin", }); })

app.listen(PORT, (error) => { if (!error) { console.log("Server is Successfully Running, and App is listening on port " + PORT) } else { console.log("Error occurred, server can't start", error); } } );</pre></div><h2 id="a530">Update package.json scripts to run server</h2><ul><li>Update the content in the scripts section of package.json as below. It will help you run your express server in both development and production mode</li></ul><div id="6d0e"><pre> "scripts": { "start": "node app.js", "dev": "nodemon app.js" },</pre></div><ul><li>Start your express server in development mode(auto-reload on file change) using the below command</li></ul><div id="464c"><pre>npm run dev</pre></div><h1 id="1699">Testing your REST APIs</h1><h2 id="f8a6">Public Endpoint— http://localhost:3000/public</h2><ul><li>Even without an authentication token, this endpoint will fetch a response.</li></ul><figure id="74df"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*xjvkOCdQJ5VIolwBtu-TWg.png"><figcaption></figcaption></figure><h2 id="f796">Secured Endpoint — http://localhost:3000/secured</h2><ul><li>Without a token, you should get an authentication error</li></ul><figure id="ad69"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*rSANl9_J1BRma6p1UjgLPg.png"><figcaption></figcaption></figure><ul><li>Let’s set up the Authorization tab to generate a token using the Configure New Token section. You can use the values below.</li></ul><div id="3d60"><pre>Token Name - secure-express-service Grant type - Password Credentials Access Token URL - http://localhost:8080/realms/master/protocol/openid-connect/token Client ID - secure-express-service Username - user@nerdcore.com Password - Client Authentication - Send as basic auth header</pre></div><figure id="5d0e"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*AEhl6BHxVPT5J6X6wKnxGg.png"><figcaption></figcaption></figure><ul><li>Click on Get New Access Token, then Proceed, then Use Token</li></ul><figure id="ea60"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*t7pdQRYhqsnhK_NDBSD19g.png"><figcaption></figcaption></figure><figure id="55e0"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*MwMrf1npagIRpGmXEfOWcw.png"><figcaption></figcaption></figure><ul><li>Now fire the /secured rest endpoint again, and you will get a successful response.</li></ul><figure id="e106"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*xsq6E7TWbMeTHXzNEQMD1Q.png"><figcaption></figcaption></figure><h2 id="97a4">Secured Admin Endpoint — http://localhost:3000/secured-admin</h2><ul><li>If you try to access the endpoint without any token — Auth error</li><li>If you try to access the endpoint with the token from [email protected] — Auth error</li><li>If you try to access the endpoint with the token from [email protected] — Success</li></ul>You can find the GitHub repository <a href="https://github.com/saurav-samantray/secure-express-service">here</a> for reference.Happy learning and happy coding!</article></body>

Mastodons On Parade

A Photo Story of Street Art in Fort Wayne, Indiana

In Living Color

In Living Color is the home of photo stories from all walks of life.